-----------------------------------------------------------------
Закрываем от неавторизованных юзеров
-----------------------------------------------------------------
*/
if (!$user_id) {
require '../incfiles/head.php';
echo functions::display_error($lng['access_guest_forbidden']);
require '../incfiles/end.php';
exit;
}
/*
-----------------------------------------------------------------
Получаем данные пользователя
-----------------------------------------------------------------
*/
$user = functions::get_user($user);
if (!$user) {
require '../incfiles/head.php';
echo functions::display_error($lng['user_does_not_exist']);
require '../incfiles/end.php';
exit;
}
/*
-----------------------------------------------------------------
Функция голосований за фотографии
-----------------------------------------------------------------
*/
function vote_photo($arg = null)
{
global $lng, $datauser, $user_id, $ban;
if ($arg) {
<?php
// Проверяем наличие комментируемого объекта
$req_obj = mysql_query("SELECT * FROM `cms_album_files` WHERE `id` = '{$img}'");
if (mysql_num_rows($req_obj)) {
$res_obj = mysql_fetch_assoc($req_obj);
/*
-----------------------------------------------------------------
Получаем данные владельца Альбома
-----------------------------------------------------------------
*/
$owner = functions::get_user($res_obj['user_id']);
if (!$owner) {
require '../incfiles/head.php';
echo functions::display_error($lng['user_does_not_exist']);
require '../incfiles/end.php';
exit;
}
/*
-----------------------------------------------------------------
Показываем выбранную картинку
-----------------------------------------------------------------
*/
unset($_SESSION['ref']);
$req_a = mysql_query("SELECT * FROM `cms_album_cat` WHERE `id` = '" . $res_obj['album_id'] . "'");
$res_a = mysql_fetch_assoc($req_a);
if ($res_a['access'] == 1 && $owner['id'] != $user_id && $rights < 6 || $res_a['access'] == 2 && (!isset($_SESSION['ap']) || $_SESSION['ap'] != $res_a['password']) && $owner['id'] != $user_id) {
// Если доступ закрыт
require '../incfiles/head.php';
echo functions::display_error($lng['access_forbidden']) . '<div class="phdr"><a href="album.php?act=list&user='******'id'] . '">' . $lng_profile['album_list'] . '</a></div>';
require '../incfiles/end.php';
function __construct($arg = array())
{
global $mod, $start, $kmess;
$this->comments_table = $arg['comments_table'];
$this->object_table = !empty($arg['object_table']) ? $arg['object_table'] : false;
if (!empty($arg['sub_id_name']) && !empty($arg['sub_id'])) {
$this->sub_id = $arg['sub_id'];
$this->url = $arg['script'] . '&' . $arg['sub_id_name'] . '=' . $arg['sub_id'];
} else {
//TODO: Доработать на режим без sub_id
$this->url = $arg['script'];
}
$this->item = isset($_GET['item']) ? abs(intval($_GET['item'])) : false;
// Получаем данные пользователя
if (core::$user_id) {
$this->user_id = core::$user_id;
$this->rights = core::$user_rights;
$this->ban = core::$user_ban;
}
// Назначение пользовательских прав
if (isset($arg['owner'])) {
$this->owner = $arg['owner'];
if (core::$user_id && $arg['owner'] == core::$user_id && !$this->ban) {
$this->access_delete = isset($arg['owner_delete']) ? $arg['owner_delete'] : false;
$this->access_reply = isset($arg['owner_reply']) ? $arg['owner_reply'] : false;
$this->access_edit = isset($arg['owner_edit']) ? $arg['owner_edit'] : false;
}
}
// Открываем доступ для Администрации
if ($this->rights >= $this->access_level) {
$this->access_reply = true;
$this->access_edit = true;
$this->access_delete = true;
}
switch ($mod) {
case 'reply':
/*
-----------------------------------------------------------------
Отвечаем на комментарий
-----------------------------------------------------------------
*/
if ($this->item && $this->access_reply && !$this->ban) {
echo '<div class="phdr"><a href="' . $this->url . '"><b>' . $arg['title'] . '</b></a> | ' . core::$lng['reply'] . '</div>';
$req = mysql_query("SELECT * FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "' AND `sub_id` = '" . $this->sub_id . "' LIMIT 1");
if (mysql_num_rows($req)) {
$res = mysql_fetch_assoc($req);
$attributes = unserialize($res['attributes']);
if (!empty($res['reply']) && $attributes['reply_rights'] > $this->rights) {
echo functions::display_error(core::$lng['error_reply_rights'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>');
} elseif (isset($_POST['submit'])) {
$message = $this->msg_check();
if (empty($message['error'])) {
$attributes['reply_id'] = $this->user_id;
$attributes['reply_rights'] = $this->rights;
$attributes['reply_name'] = core::$user_data['name'];
$attributes['reply_time'] = time();
mysql_query("UPDATE `" . $this->comments_table . "` SET\n `reply` = '" . mysql_real_escape_string($message['text']) . "',\n `attributes` = '" . mysql_real_escape_string(serialize($attributes)) . "'\n WHERE `id` = '" . $this->item . "'\n ");
header('Location: ' . str_replace('&', '&', $this->url));
} else {
echo functions::display_error($message['error'], '<a href="' . $this->url . '&mod=reply&item=' . $this->item . '">' . core::$lng['back'] . '</a>');
}
} else {
$text = '<a href="' . core::$system_set['homeurl'] . '/users/profile.php?user='******'user_id'] . '"><b>' . $attributes['author_name'] . '</b></a>' . ' (' . functions::display_date($res['time']) . ')<br />' . functions::checkout($res['text']);
$reply = functions::checkout($res['reply']);
echo $this->msg_form('&mod=reply&item=' . $this->item, $text, $reply) . '<div class="phdr"><a href="' . $this->url . '">' . core::$lng['back'] . '</a></div>';
}
} else {
echo functions::display_error(core::$lng['error_wrong_data'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>');
}
}
break;
case 'edit':
/*
-----------------------------------------------------------------
Редактируем комментарий
-----------------------------------------------------------------
*/
if ($this->item && $this->access_edit && !$this->ban) {
echo '<div class="phdr"><a href="' . $this->url . '"><b>' . $arg['title'] . '</b></a> | ' . core::$lng['edit'] . '</div>';
$req = mysql_query("SELECT * FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "' AND `sub_id` = '" . $this->sub_id . "' LIMIT 1");
if (mysql_num_rows($req)) {
$res = mysql_fetch_assoc($req);
$attributes = unserialize($res['attributes']);
$user = functions::get_user($res['user_id']);
if ($user['rights'] > core::$user_rights) {
echo functions::display_error(core::$lng['error_edit_rights'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>');
} elseif (isset($_POST['submit'])) {
$message = $this->msg_check();
if (empty($message['error'])) {
$attributes['edit_id'] = $this->user_id;
$attributes['edit_name'] = core::$user_data['name'];
$attributes['edit_time'] = time();
if (isset($attributes['edit_count'])) {
++$attributes['edit_count'];
} else {
$attributes['edit_count'] = 1;
}
mysql_query("UPDATE `" . $this->comments_table . "` SET\n `text` = '" . mysql_real_escape_string($message['text']) . "',\n `attributes` = '" . mysql_real_escape_string(serialize($attributes)) . "'\n WHERE `id` = '" . $this->item . "'\n ");
header('Location: ' . str_replace('&', '&', $this->url));
} else {
echo functions::display_error($message['error'], '<a href="' . $this->url . '&mod=edit&item=' . $this->item . '">' . core::$lng['back'] . '</a>');
}
} else {
$author = '<a href="' . core::$system_set['homeurl'] . '/users/profile.php?user='******'user_id'] . '"><b>' . $attributes['author_name'] . '</b></a>';
$author .= ' (' . functions::display_date($res['time']) . ')<br />';
$text = functions::checkout($res['text']);
echo $this->msg_form('&mod=edit&item=' . $this->item, $author, $text);
}
} else {
echo functions::display_error(core::$lng['error_wrong_data'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>');
}
echo '<div class="phdr"><a href="' . $this->url . '">' . core::$lng['back'] . '</a></div>';
}
break;
case 'del':
/*
-----------------------------------------------------------------
Удаляем комментарий
-----------------------------------------------------------------
*/
if ($this->item && $this->access_delete && !$this->ban) {
if (isset($_GET['yes'])) {
//TODO: Продумать проверку на удаление постов администрации
$req = mysql_query("SELECT * FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "' AND `sub_id` = '" . $this->sub_id . "' LIMIT 1");
if (mysql_num_rows($req)) {
$res = mysql_fetch_assoc($req);
if (isset($_GET['all'])) {
// Удаляем все комментарии выбранного пользователя
$count = mysql_result(mysql_query("SELECT COUNT(*) FROM `" . $this->comments_table . "` WHERE `sub_id` = '" . $this->sub_id . "' AND `user_id` = '" . $res['user_id'] . "'"), 0);
mysql_query("DELETE FROM `" . $this->comments_table . "` WHERE `sub_id` = '" . $this->sub_id . "' AND `user_id` = '" . $res['user_id'] . "'");
} else {
// Удаляем отдельный комментарий
$count = 1;
mysql_query("DELETE FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "'");
}
// Вычитаем баллы из статистики пользователя
$req_u = mysql_query("SELECT * FROM `users` WHERE `id` = '" . $res['user_id'] . "'");
if (mysql_num_rows($req_u)) {
$res_u = mysql_fetch_assoc($req_u);
$count = $res_u['komm'] > $count ? $res_u['komm'] - $count : 0;
mysql_query("UPDATE `users` SET `komm` = '{$count}' WHERE `id` = '" . $res['user_id'] . "'");
}
// Обновляем счетчик комментариев
$this->msg_total(1);
}
header('Location: ' . str_replace('&', '&', $this->url));
} else {
echo '<div class="phdr"><a href="' . $this->url . '"><b>' . $arg['title'] . '</b></a> | ' . core::$lng['delete'] . '</div>' . '<div class="rmenu"><p>' . core::$lng['delete_confirmation'] . '<br />' . '<a href="' . $this->url . '&mod=del&item=' . $this->item . '&yes">' . core::$lng['delete'] . '</a> | ' . '<a href="' . $this->url . '">' . core::$lng['cancel'] . '</a><br />' . '<div class="sub">' . core::$lng['clear_user_msg'] . '<br />' . '<span class="red"><a href="' . $this->url . '&mod=del&item=' . $this->item . '&yes&all">' . core::$lng['clear'] . '</a></span>' . '</div></p></div>' . '<div class="phdr"><a href="' . $this->url . '">' . core::$lng['back'] . '</a></div>';
}
}
break;
default:
if (!empty($arg['context_top'])) {
echo $arg['context_top'];
}
/*
-----------------------------------------------------------------
Добавляем новый комментарий
-----------------------------------------------------------------
*/
if (!$this->ban && !functions::is_ignor($this->owner) && isset($_POST['submit']) && ($message = $this->msg_check(1)) !== false) {
if (empty($message['error'])) {
// Записываем комментарий в базу
$this->add_comment($message['text']);
$this->total = $this->msg_total(1);
$_SESSION['code'] = $message['code'];
} else {
// Показываем ошибки, если есть
echo functions::display_error($message['error']);
$this->total = $this->msg_total();
}
} else {
$this->total = $this->msg_total();
}
/*
-----------------------------------------------------------------
Показываем форму ввода
-----------------------------------------------------------------
*/
if (!$this->ban && !functions::is_ignor($this->owner)) {
echo $this->msg_form();
}
/*
-----------------------------------------------------------------
Показываем список комментариев
-----------------------------------------------------------------
*/
echo '<div class="phdr"><b>' . $arg['title'] . '</b></div>';
if ($this->total > $kmess) {
echo '<div class="topmenu">' . functions::display_pagination($this->url . '&', $start, $this->total, $kmess) . '</div>';
}
if ($this->total) {
$req = mysql_query("SELECT `" . $this->comments_table . "`.*, `" . $this->comments_table . "`.`id` AS `subid`, `users`.`rights`, `users`.`lastdate`, `users`.`sex`, `users`.`status`, `users`.`datereg`, `users`.`id`\n FROM `" . $this->comments_table . "` LEFT JOIN `users` ON `" . $this->comments_table . "`.`user_id` = `users`.`id`\n WHERE `sub_id` = '" . $this->sub_id . "' ORDER BY `subid` DESC LIMIT {$start}, {$kmess}");
$i = 0;
while (($res = mysql_fetch_assoc($req)) !== false) {
$attributes = unserialize($res['attributes']);
$res['name'] = $attributes['author_name'];
$res['ip'] = $attributes['author_ip'];
$res['ip_via_proxy'] = isset($attributes['author_ip_via_proxy']) ? $attributes['author_ip_via_proxy'] : 0;
$res['browser'] = $attributes['author_browser'];
echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
$menu = array($this->access_reply ? '<a href="' . $this->url . '&mod=reply&item=' . $res['subid'] . '">' . core::$lng['reply'] . '</a>' : '', $this->access_edit ? '<a href="' . $this->url . '&mod=edit&item=' . $res['subid'] . '">' . core::$lng['edit'] . '</a>' : '', $this->access_delete ? '<a href="' . $this->url . '&mod=del&item=' . $res['subid'] . '">' . core::$lng['delete'] . '</a>' : '');
$text = functions::checkout($res['text'], 1, 1);
if (core::$user_set['smileys']) {
$text = functions::smileys($text, $res['rights'] >= 1 ? 1 : 0);
}
if (isset($attributes['edit_count'])) {
$text .= '<br /><span class="gray"><small>' . core::$lng['edited'] . ': <b>' . $attributes['edit_name'] . '</b>' . ' (' . functions::display_date($attributes['edit_time']) . ') <b>' . '[' . $attributes['edit_count'] . ']</b></small></span>';
}
if (!empty($res['reply'])) {
$reply = functions::checkout($res['reply'], 1, 1);
if (core::$user_set['smileys']) {
$reply = functions::smileys($reply, $attributes['reply_rights'] >= 1 ? 1 : 0);
}
$text .= '<div class="' . ($attributes['reply_rights'] ? '' : 'g') . 'reply"><small>' . '<a href="' . core::$system_set['homeurl'] . '/users/profile.php?user='******'reply_id'] . '"><b>' . $attributes['reply_name'] . '</b></a>' . ' (' . functions::display_date($attributes['reply_time']) . ')</small><br/>' . $reply . '</div>';
}
$user_arg = array('header' => ' <span class="gray">(' . functions::display_date($res['time']) . ')</span>', 'body' => $text, 'sub' => functions::display_menu($menu), 'iphide' => core::$user_rights ? false : true);
echo functions::display_user($res, $user_arg);
echo '</div>';
++$i;
}
} else {
echo '<div class="menu"><p>' . core::$lng['list_empty'] . '</p></div>';
}
echo '<div class="phdr">' . core::$lng['total'] . ': ' . $this->total . '</div>';
if ($this->total > $kmess) {
echo '<div class="topmenu">' . functions::display_pagination($this->url . '&', $start, $this->total, $kmess) . '</div>' . '<p><form action="' . $this->url . '" method="post">' . '<input type="text" name="page" size="2"/>' . '<input type="submit" value="' . core::$lng['to_page'] . ' >>"/>' . '</form></p>';
}
if (!empty($arg['context_bottom'])) {
echo $arg['context_bottom'];
}
}
}
